Founder Ladar Levison declined to go into detail about the reasons – or, more accurately, gave the reason that he wasn’t allowed to give the reasons – but his recent connection with Mr Snowden invited plenty of presumption.

Silent Circle hadn’t been told to shut down, but decided to do so pre-emptively on the grounds that it couldn’t ensure true secrecy via email, and thus couldn’t promise you that your data wouldn’t become the subject of a lawful demand from the US authorities.

And we had something of a brouhaha about privacy on Gmail, where it seems that Google didn’t say that you had no expectation of privacy on Gmail, merely on emails sent inwards to Gmail, which is apparently not at all the same thing.

You can probably convince yourself that a mail provider that reads your incoming emails for its own commercial benefit (e.g. to target ads) is a very different matter than the government reading your emails for national security purposes…

…but you probably do want to take the time to consider the matter, just to make sure you are convinced.

Post navigation

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too.
Follow him on Twitter: @duckblog

I must be in the minority on this because I don't see the issue with PRISM in a general sense. Why shut down your legal company and/or shut down your email provider? I understand legal data is sensitive material, but at the same time Pamela wouldn't have anything to worry about unless she was sending illegal stuff back and forth right? The "surveillance" as it were, is finding the bad guy and pre-empting potentially dangerous situations. So what if some goverment person saw my email to a friend on ANY event or issue. Pull up my arrest record (i don't have one). I'm not doing any wrongdoing and the government person writes that off as nothing as well.

Of course those against this feel that we are still in the 1940's with the "untouchables" or that their downloading of music illegally can somehow go to the top of the arrest list ahead of organized crime bosses and drug kingpins? c'mon.

Yes Roy, trust your government, and other peoples' governments. They all know what's best for you after all, and me and all the other little people, and will never use this surveillance technology for anything other than freeing the world from good honest bang to rights criminals.

I really don't understand how someone can trust other people (believe it or not the government is actually made of living breathing humans) with this kind of power? I am unaware of any system that does not get abused, and if there is no recorded abuse then it is just because it is well hidden.

The atrocities that could be committed with this kind of power are the same order of magnitude as the ones they are trying to prevent.

Everything can be hacked. Everything. We are an amazing species. We are capable of incredible things. Is it beyond the realm of possibility that all this information that will be freely accessible to the powers that be could fall into the wrong hands?

So the question to ask yourself is not whether you are happy for the government to monitor EVERYTHING, it is instead:
Would you want this information in the hands of ANYONE who wants it?

First, for businesses like “secure” email providers, they simply cannot offer the promises that define their business. To continue to offer that can invite legal issues from customers.

Second, Groklaw is a journalism site. (I’m not sure it is a “true” journalism site, but I’m sure operates under that premise.) When you start talking about journalistic privacy, you start dealing with some very thorny issues.

Anyway, those issues aside for the moment, think of it this way with an analogy that I’m sure will offend some. When you talk to your lawyer or your priest in confession or a physician and patient, you are afforded some level of privacy by law. Journalism has somewhat similar protections. Remove those protections, and you break down the system.

Journalism also has protections for the journalist, things like Reporter’s privilege and other Shield laws.

It’s one thing to “force” courts to subpoena you to testify and/or go through legal (and publicly discoverable) routes to elicit information, but another thing entirely to circumvent the whole approach and just surreptitiously gather all of the information without notice, definition, or publicly discoverable intent.

"Pamela wouldn't have anything to worry about unless she was sending illegal stuff back and forth right?

OK. Let's put a camera in your bathroom and hook it up to a recorder at NSA headquarters. No one's going to look at the recording unless you're suspected of something (or maybe one of your houseguests is on a list), but hey, you're not doing anything illegal in there, so what have you got to worry about?

The threat is in the interpretation of what is good and what is bad. PRISIM is designed to catch terrorists, or so they say. If they decide in the future to alter the definition of "terrorist", what's to stop them from making inroads on other elements of the Internet? What if the threat to the country changes, giving them justification to watch us further?

The Internet WAS the only free country we had left. And now we are losing it. Everyone in the United States that expresses their opinions online should be alarmed by this.

The really disturbing thoughts occur when you combine this with the realization that anything put on the Internet is forever. What this means is that this data, including all the correlated metadata, will be available in perpetuity. So whoever gets their hands on it at any point in the future won't just have the future data to use, they'll have entire online life histories. This means that "they" can retroactively find out about your past, without the benefit of context. Humans are very contextual.

Plus, as we saw with Ed Snowden, it appears to be trivial for this data to leak or fall into the hands of someone the government does not wish to have it. Ask yourself this question: if the government doesn't wish someone to have the information, but they do anyway, shouldn't it either concern you that the data leaked, or that the government didn't want it to? It can't be good both ways. The only way to prevent this is to not collect the information (meaning the linked meta data) in the first place.

Roy Jones, the bad guys need legal representation too, and in order for a proper defense sometimes full disclosure is in order. I am led to assume that some of this disclosure had been happening over email, hence there decision.

Roy, I understand your point and while I think you may be in a minority it is not a small one. Personally I don't like the idea of people reading my e-mails when they were not intended for them. If your neighbour turned out to have access to the prism data and read your 'smushy' e-mails to your partner would you be fully happy with that? Or even if you were only talking about money you had legally obtained, again fully happy with that person being able to see your every message. While there are supposed to be controls over who can see this info the temptation for anyone on a secret project like this to look at friends / neighbours info if they can see it is high. I'm not saying they are doing it – I don't know one way or the other, but I would prefer them to not have the choice.

The issue arises of course how do you find the 'bad' people if you don't check everything? This is why very strict oversight is required. Does it exist – this is the question.

Seriously! Pamela Jones is going to throw away all that hard work on the gounds that someone might read her emails! Trust me nothing has changed, over 90% of the email traffic on the internet is unencrypted, if you can't even be bothered to implement some from of privacy, then how can you complain??

Besides, does Jones seriously think that the NSA are reading each of her emails? I unless she has reason to come to their attention, I doubt it.

So sure close your business, shut down your website, destroy your mobile phones, don't make landlines calls, use sat nav or send any kind of correspondence via snail mail. And enjoy your life of freedom from your government.

The issue isn't about the NSA reading emails, it's about the NSA using automated systems to parse metainformation to build a web of relationships. This is not a good scenario for anyone dealing with legal journalism. I'm sure Jones now sees herself as having been an unwitting tool to build a very interesting part of that web. Now that she's realized the implications, she has decided to no longer be an enabler of this kind of surveillance. I'm sure she's still doing just fine at a personal level, and hasn't retreated into a cave, eschewing all technology.

Remember that Jones started off this whole adventure knowing almost nothing about internet technology. She received things by email and posted them up on a static website for the world to see. Now she's realizing some of the ramifications of what she's done that are well outside of her intended purpose, sort of like what happens to people who are burned by social sites like Facebook.

Seems to me that PRISM is working well, just think of the time and trouble monitoring every piece of data can be saved by the sites that need to be monitored, closing down. If they don't exist you don't need to monitor them. Just another step towards total control of the Internet by Governments, pretty soon there will be no avenue to voice concern or displeasure about any Government or corporate body.

It really is astonishing to see the “if you have nothing to hide, why worry” brigade still showing their naiveté.

When they monitor and record everything, they can find evidence of a crime against anyone they wish to. See “Three Felonies a day” for instance.

Ever taken a picture from the Internet and reshared it to Facebook? That’s copyright infringement. Ever broken the speed limit? etc, etc.

What matters if they have a history for all is they can threaten and abuse – be that prosecuting you for some past misdemeanor, or outing some family member for being gay / having bdsm interests / or even political leanings.

At which point it is a system of control.

In a system of total observation people self censor and feel uncomfortable even when they have no need to.

There are so many reasons why, “I have nothing to hide, the government can spy on my emails to my friends,” doesn’t really hold up under discussion.

If nothing else, it would really be annoying to have full surveillance of me which can make note that I was in the block of 4th and Vine roughly around the time of a burglary, and that alone catches me into the system such that I now have to defend myself, even though I’ve done nothing wrong and have nothing to hide. Similar things can be held true in communications as well.

There is plenty of collateral damage that can occur, and plenty of influence on people’s behavior that you wouldn’t even think occurs, just because of lack of privacy. I’m sure there are studies of children comparing those whose parents remove most privacy and those who afford their children a certain level of private space and how their two behaviors or personalities may differ. Even their outlook on life and eventually choices may be defined there (example: Julien Assange).

That sort of influence, while sometimes very subtle, can change cultural undercurrents dramatically, over time.

John said: "…pretty soon there will be no avenue to voice concern or displeasure about any Government or corporate body."

That's right. Everybody should be thinking deeply about that concept. Very deeply, as if your life depended on it, because in a very fundamental way it does… the life of humanity as a whole is about to be controlled to the minutest detail by a faceless, unaccountable entity that harbors unknown/unknowable values.

Scary. Even scarier is the realization that most people just don't see any harm in this course of events. If people don't wake up and put an end to this universal prying I have to conclude that we are doomed as a species.

The bad outcome is not inevitable, but folks need to come out of dreamland and see the beast for what it is. Now.

I don't think we have more than 2 or 3 years before a new dark age descends upon global communication.

The orientation toward individual achievement in modernist societies (in contrast to the mythic-conformism of the previous era) has a dark side that usually goes unexamined. As such, abuse of authority tends to be overlooked and corruption sets in.

I read this (or something to this effect) the other day and it is so true. "When someone else knows all about you they have the ability to manipulate you."

I don't trust any government now, especially in the US (where I live), and when trust is violated, it is extremely difficult to regain it. Just consider how difficult it is to heal a marriage after one of the persons is unfaithful to the other.

PJ has all my sympathy though I will miss reading her insights along with that of other contributors.

With all due respect to Pamela Jones, her response to the discovery that unencrypted mail is not secure is astonishingly unrealistic. I’ve read her entire post explaining her reasons for abandoning Groklaw. She’s entitled to do whatever she wants with Groklaw, but she’s just plain wrong in her assumptions about secure messaging. It is entirely possible to communicate securely via email…without any need to use an outside service like LavaBit or Silent Circle.

What she needs to do is be part of the solution and educate her users about encrypted messaging. But she would first have to educate herself.

[comment edited for length]

I share Pamela’s sentiments about the increasingly oppressive and intrusive actions of the state, but I learned long ago that I was going to have to accept responsibility for the security of my own communications. I’ve been encrypting my messages since 1998 with any co-communicant who’s smart enough to take the same measure of responsibility. Anyone else, including Pamela Jones and her Groklaw users, can do the same.

This isn't The Matrix. You say information is personal. To what degree? Of course if its up to society everythings secret right? But thats how criminals can feed off that secrecy. all secure email? Okay tell me how you would intercept a potential dangerous situation if they were only sending email?

I've had to view peoples emails. Did I care when I read those supposedly "personal" emails? No because really it wasn't something I hadn't seen before anyway, meh. Again I'm in the minority.

This trend of folding over PRISM makes no sense to me, because it runs counter to what these services stood for: enablement. Regardless of one's level of naivete or jadedness, surveillance is now an inevitable obstacle to be acknowledged and also *overcome*. We are still going to want to email, to surf the Net, to read about IT legal matters somehow. If everyone just gave up like this, there will be nothing left online for the privacy and security conscious. Not that un-wiring ourselves is a terrible thing — I sure need to on vacation — but abandoning ship solves nothing.